May 19, 2026
Former DISA Director Lt. Gen. Bob Skinner says cyber defense is entering a new era where digital forensics is no longer just about investigating incidents after they happen. During an interview on FedGov Today, Skinner explains that digital forensics is now becoming one of the most important tools agencies have to defend networks in real time against increasingly sophisticated cyber threats.
Skinner describes digital forensics as the process of collecting and analyzing information from systems, devices and networks to better understand activity happening inside an environment. While many people associate digital forensics with law enforcement investigations and criminal prosecutions, he argues that the mission has evolved significantly in the cyber domain. Today, organizations need forensic capabilities to identify threats while attacks are still unfolding, not simply after the damage is done.
According to Skinner, the cyber landscape continues to grow more complex as technology evolves. He says the challenge facing government agencies is not necessarily different from previous years, but the scale and sophistication of attacks continue to increase. Threat actors now have access to more advanced tools, broader infrastructure and faster methods for exploiting vulnerabilities. As a result, organizations must improve their ability to gather and interpret data quickly enough to understand what adversaries are trying to accomplish.
One major issue Skinner highlights is the growing overlap between criminals and nation-state adversaries. He explains that both groups often use similar command-and-control infrastructure, tools and techniques. In some cases, nation states even rely on criminal groups as proxies to conduct operations. Because the distinction between the two continues to blur, agencies can no longer afford to think of cyber defense and law enforcement as separate activities.
Skinner also discusses the difficult decisions organizations face when attackers are discovered inside a network. The immediate instinct may be to block malicious activity and remove adversaries as quickly as possible. However, he says there are situations where defenders benefit from monitoring activity longer in order to gain additional intelligence and context about the broader threat. That deeper understanding can help agencies become more resilient and better prepared for future attacks.
Artificial intelligence also plays a major role in Skinner’s outlook on cybersecurity. He points to platforms like Mythos as examples of how AI can rapidly analyze environments and uncover vulnerabilities organizations may not even realize exist. While some people are surprised by how quickly these capabilities are emerging, Skinner says the technology represents a natural evolution of cybersecurity operations. He believes AI can help agencies answer one of the most difficult questions in cyber defense: “What don’t you know?”
At the same time, Skinner emphasizes that technology alone is not enough. He argues the federal government needs more “operational technologists” — professionals who understand both mission requirements and advanced technology. Too often, he says, organizations separate technologists from mission experts instead of developing people who can connect both worlds together.
For Skinner, building that workforce starts early through partnerships among government, academia and industry. He believes critical thinking, curiosity and cross-disciplinary expertise will become essential qualities for the next generation of cyber leaders as agencies continue adapting to an increasingly dynamic threat environment.